이경수
...@@ -25,21 +25,14 @@ namespace DownloaderGithubClone ...@@ -25,21 +25,14 @@ namespace DownloaderGithubClone
25 Console.Write("Git Repository URL을 입력하세요 : "); 25 Console.Write("Git Repository URL을 입력하세요 : ");
26 string url = Console.ReadLine(); 26 string url = Console.ReadLine();
27 //https://github.com/django/django.git 27 //https://github.com/django/django.git
28 -
29 -
30 string pattern = @"https://github.com/.+/(?<ProjectName>.+)\.(.+)"; 28 string pattern = @"https://github.com/.+/(?<ProjectName>.+)\.(.+)";
31 -
32 var match = Regex.Match(url, pattern); 29 var match = Regex.Match(url, pattern);
33 -
34 if (!match.Success) { 30 if (!match.Success) {
35 Console.WriteLine($"패턴이 맞지 않습니다. Pattern : {pattern}"); 31 Console.WriteLine($"패턴이 맞지 않습니다. Pattern : {pattern}");
36 return; 32 return;
37 } 33 }
38 -
39 -
40 string prName = match.Groups["ProjectName"].Value; 34 string prName = match.Groups["ProjectName"].Value;
41 Console.WriteLine(prName); 35 Console.WriteLine(prName);
42 -
43 int idx = 1; 36 int idx = 1;
44 string path = Path.Combine(dir, prName); 37 string path = Path.Combine(dir, prName);
45 if (Directory.Exists(path)) { 38 if (Directory.Exists(path)) {
......
...@@ -64,7 +64,7 @@ namespace VulnCrawler ...@@ -64,7 +64,7 @@ namespace VulnCrawler
64 } 64 }
65 65
66 /* 메인 동작 함수 */ 66 /* 메인 동작 함수 */
67 - public static void Run() { 67 + public static void Run() {
68 // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) 68 // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록)
69 Regex.CacheSize = 50; 69 Regex.CacheSize = 50;
70 70
...@@ -80,17 +80,17 @@ namespace VulnCrawler ...@@ -80,17 +80,17 @@ namespace VulnCrawler
80 // Repository 목록 만큼 반복함. 80 // Repository 목록 만큼 반복함.
81 foreach (var directory in directorys) { 81 foreach (var directory in directorys) {
82 /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */ 82 /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */
83 - if (directory.Contains("linux")) 83 + if (directory.Contains("~"))
84 { 84 {
85 - // continue; 85 + continue;
86 } 86 }
87 // 템플릿 패턴화 T : VulnAbstractCrawler 87 // 템플릿 패턴화 T : VulnAbstractCrawler
88 VulnWorker.Run<VulnC>(directory); 88 VulnWorker.Run<VulnC>(directory);
89 } 89 }
90 stopwatch.Stop(); 90 stopwatch.Stop();
91 - var hours = stopwatch.Elapsed.TotalHours; 91 + var hours = stopwatch.Elapsed.Hours;
92 - var minutes = stopwatch.Elapsed.TotalMinutes; 92 + var minutes = stopwatch.Elapsed.Minutes;
93 - var seconds = stopwatch.Elapsed.TotalSeconds; 93 + var seconds = stopwatch.Elapsed.Seconds;
94 94
95 Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); 95 Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}");
96 96
......
...@@ -31,7 +31,7 @@ namespace VulnCrawler ...@@ -31,7 +31,7 @@ namespace VulnCrawler
31 public string FuncName { get; set; } 31 public string FuncName { get; set; }
32 public string Hash { get; set; } 32 public string Hash { get; set; }
33 public string Path { get; set; } 33 public string Path { get; set; }
34 - 34 + public string Url { get; set; }
35 public override bool Equals(object obj) 35 public override bool Equals(object obj)
36 { 36 {
37 var block = obj as UserBlock; 37 var block = obj as UserBlock;
...@@ -131,14 +131,15 @@ namespace VulnCrawler ...@@ -131,14 +131,15 @@ namespace VulnCrawler
131 /// <summary> 131 /// <summary>
132 /// 커밋에서 검색할 정규식 문자열 132 /// 커밋에서 검색할 정규식 문자열
133 /// </summary> 133 /// </summary>
134 - public string SearchCommitPattern => @"CVE[ -]\d{4}[ -]\d{4}"; 134 + public string SearchCommitPattern => @"CVE[ -](201[5-8])[ -](\d{4,})";
135 /// <summary> 135 /// <summary>
136 /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 136 /// 패치 코드에서 함수 찾을 정규식 패턴 문자열
137 /// </summary> 137 /// </summary>
138 protected abstract string RegexFuncPattern { get; } 138 protected abstract string RegexFuncPattern { get; }
139 + protected abstract string UserRegexFuncPattern { get; }
139 protected abstract string Extension { get; } 140 protected abstract string Extension { get; }
140 public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) { 141 public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) {
141 - return patch.Where(e => e.Path.EndsWith(Extension)).ToList(); 142 + return patch.Where(e => e.Path.EndsWith(Extension) && e.Status == ChangeKind.Modified).ToList();
142 } 143 }
143 /// <summary> 144 /// <summary>
144 /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고 145 /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고
...@@ -158,108 +159,11 @@ namespace VulnCrawler ...@@ -158,108 +159,11 @@ namespace VulnCrawler
158 public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader); 159 public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader);
159 160
160 protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList); 161 protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList);
161 - /// <summary>
162 - /// 성능 개선을 위한
163 - /// 코드 라인 위치 기반 취약 원본 함수 추출 테스트용 함수 곧 삭제 예정
164 - /// </summary>
165 - public string GetOriginalFuncTest(Stream oldStream, string methodName, int start)
166 - {
167 - StringBuilder oldBuilder = new StringBuilder();
168 -
169 - using (var reader = new StreamReader(oldStream))
170 - {
171 - bool found = false;
172 - bool found2 = false;
173 - bool commentLine = false;
174 - int bracketCount = -1;
175 - string stringPattern = @"[""].*[""]";
176 - string commentPattern = @"\/\*.+\*\/";
177 - string commentPattern2 = @"\/\*";
178 - string commentPattern3 = @"\*\/";
179 - int readCount = 0;
180 - Queue<string> tempQ = new Queue<string>();
181 - while (!reader.EndOfStream)
182 - {
183 - string line = reader.ReadLine();
184 - if (readCount++ < start)
185 - {
186 - tempQ.Enqueue(line);
187 - continue;
188 - }
189 - Stack<string> tempStack = new Stack<string>();
190 - while (tempQ.Count > 0)
191 - {
192 - string s = tempQ.Dequeue();
193 - tempStack.Push(s);
194 - string method = Regex.Escape(methodName);
195 - if (Regex.Match(s, $"{method}").Success)
196 - {
197 - break;
198 - }
199 - }
200 - while (tempStack.Count > 0)
201 - {
202 - string s = tempStack.Pop();
203 - string trim = s.Trim();
204 - if (commentLine)
205 - {
206 - if (Regex.IsMatch(trim, commentPattern3))
207 - {
208 - commentLine = false;
209 - trim = Regex.Split(trim, commentPattern3)[1];
210 - }
211 - continue;
212 - }
213 - string removeString = Regex.Replace(trim, stringPattern, "");
214 - // /* ~ 패턴
215 - if (Regex.IsMatch(trim, commentPattern2))
216 - {
217 - // /* ~ */ 패턴이 아닌 경우
218 - if (!Regex.IsMatch(trim, commentPattern))
219 - {
220 - commentLine = true;
221 - }
222 - trim = Regex.Split(trim, "/*")[0];
223 - }
224 - if (string.IsNullOrWhiteSpace(trim))
225 - {
226 - continue;
227 - }
228 - int openBracketCount = removeString.Count(c => c == '{');
229 - int closeBracketCount = removeString.Count(c => c == '}');
230 - int subtract = openBracketCount - closeBracketCount;
231 - bracketCount += subtract;
232 - // 메서드 시작 괄호 찾은 경우
233 - if (found2)
234 - {
235 - // 괄호가 모두 닫혔으니 종료
236 - if (bracketCount < 0)
237 - {
238 - // Console.WriteLine("괄호끝");
239 - break;
240 - }
241 - // oldBuilder.AppendLine(line);
242 - }
243 - else
244 - {
245 - if (openBracketCount > 0)
246 - {
247 - found2 = true;
248 - }
249 -
250 - }
251 - oldBuilder.AppendLine(s);
252 - }
253 - }
254 - }
255 - Console.WriteLine("찾음");
256 - Console.WriteLine(oldBuilder.ToString());
257 - Console.ReadLine();
258 162
259 - return oldBuilder.ToString();
260 - }
261 public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode); 163 public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode);
262 164
165 + public abstract IDictionary<string, string> CrawlCode(StreamReader reader);
166 +
263 public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict); 167 public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict);
264 /// <summary> 168 /// <summary>
265 /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출 169 /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출
...@@ -268,54 +172,42 @@ namespace VulnCrawler ...@@ -268,54 +172,42 @@ namespace VulnCrawler
268 /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param> 172 /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param>
269 /// <returns></returns> 173 /// <returns></returns>
270 public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) { 174 public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) {
271 - foreach (var item in table) 175 +
176 + // 패치 전 원본 파일 스트림
177 + Stream oldStream = oldBlob.GetContentStream();
178 + using (var reader = new StreamReader(oldStream))
272 { 179 {
273 - var methodTable = new Dictionary<string, string>(); 180 + var dict = CrawlCode(reader);
274 - var varTable = new Dictionary<string, string>(); 181 +
275 - // 메서드 이름 182 + foreach (var item in table)
276 - string methodName = item.Key;
277 - // 패치 전 원본 파일 스트림
278 - Stream oldStream = oldBlob.GetContentStream();
279 - // 패치 전 원본 함수 구하고
280 - string func = GetOriginalFunc(oldStream, methodName);
281 -
282 - string bs = string.Empty;
283 - string md5 = string.Empty;
284 - if (item.Value.Count() != 0)
285 { 183 {
286 - //Console.WriteLine("크리티컬 변수 목록"); 184 + var methodTable = new Dictionary<string, string>();
287 - //Console.ForegroundColor = ConsoleColor.Cyan; 185 + var varTable = new Dictionary<string, string>();
288 - //foreach (var c in item.Value) 186 + // 메서드 이름
289 - //{ 187 + string methodName = item.Key;
290 - // Console.WriteLine(c); 188 +
291 - //} 189 + // 패치 전 원본 함수 구하고
292 - //Console.ResetColor(); 190 + string func = string.Empty;
293 - //Console.WriteLine("-------------------"); 191 +
192 +
193 + foreach (var pair in dict)
194 + {
195 + if (pair.Key.Contains(methodName))
196 + {
197 + func = pair.Value;
198 + break;
199 + }
200 + }
201 +
202 +
203 +
204 +
294 // 크리티컬 블록 추출 205 // 크리티컬 블록 추출
295 var blocks = new List<Block>(); 206 var blocks = new List<Block>();
296 - //var blocks = GetCriticalBlocks(func, item.Value).ToList();
297 - //if (blocks == null)
298 - //{
299 - // continue;
300 - //}
301 - //foreach (var block in blocks)
302 - //{
303 -
304 - // block.CriticalList = item.Value;
305 - // /* 추상화 및 정규화 */
306 - // block.AbsCode = Abstract(block.Code, varTable, methodTable);
307 - // block.Hash = MD5HashFunc(block.AbsCode);
308 -
309 - //}
310 - /* 추상화 변환 테이블 출력 */
311 - //foreach (var var in varTable)
312 - //{
313 - // Console.WriteLine($"{var.Key}, {var.Value}");
314 - //}
315 -
316 yield return (methodName, func, blocks); 207 yield return (methodName, func, blocks);
208 +
209 +
317 } 210 }
318 -
319 } 211 }
320 } 212 }
321 /// <summary> 213 /// <summary>
...@@ -349,7 +241,7 @@ namespace VulnCrawler ...@@ -349,7 +241,7 @@ namespace VulnCrawler
349 var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase); 241 var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase);
350 242
351 if (match.Success) { 243 if (match.Success) {
352 - return match.Value; 244 + return $"CVE-{match.Groups[1].Value}-{match.Groups[2].Value}";
353 } 245 }
354 return string.Empty; 246 return string.Empty;
355 } 247 }
......
This diff is collapsed. Click to expand it.
...@@ -16,6 +16,9 @@ namespace VulnCrawler ...@@ -16,6 +16,9 @@ namespace VulnCrawler
16 protected override string Extension => ".py"; 16 protected override string Extension => ".py";
17 protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)"; 17 protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)";
18 protected override string ReservedFileName => "PyReserved.txt"; 18 protected override string ReservedFileName => "PyReserved.txt";
19 +
20 + protected override string UserRegexFuncPattern => throw new NotImplementedException();
21 +
19 public override MatchCollection GetMatches(string patchCode) { 22 public override MatchCollection GetMatches(string patchCode) {
20 //var regs = Regex.Matches(patchCode, RegexFuncPattern); 23 //var regs = Regex.Matches(patchCode, RegexFuncPattern);
21 var regs = MethodExtractor.Matches(patchCode); 24 var regs = MethodExtractor.Matches(patchCode);
...@@ -85,5 +88,10 @@ namespace VulnCrawler ...@@ -85,5 +88,10 @@ namespace VulnCrawler
85 { 88 {
86 throw new NotImplementedException(); 89 throw new NotImplementedException();
87 } 90 }
91 +
92 + public override IDictionary<string, string> CrawlCode(StreamReader reader)
93 + {
94 + throw new NotImplementedException();
95 + }
88 } 96 }
89 } 97 }
......
...@@ -53,6 +53,23 @@ namespace VulnCrawler ...@@ -53,6 +53,23 @@ namespace VulnCrawler
53 return 802558182 + EqualityComparer<string>.Default.GetHashCode(BlockHash); 53 return 802558182 + EqualityComparer<string>.Default.GetHashCode(BlockHash);
54 } 54 }
55 } 55 }
56 + public class Vuln_detail
57 + {
58 + public int Index { get; set; } = -1; /* index key */
59 + public string Type { get; set; } = "NULL"; /* type */
60 + public string Year { get; set; } = "NULL"; /* year */
61 + public string Level { get; set; } = "NULL"; /* level */
62 + public string UserName { get; set; } = "NULL"; /* user name */
63 + public string Publish_date { get; set; } = "NULL"; /* Publish_date */
64 + public string Update_date { get; set; } = "NULL"; /* Update_date */
65 + public string CveDetail { get; set; } = "NULL"; /* cveDetail */
66 + public string CveName { get; set; } = "NULL"; /* cve name */
67 + public string FileName { get; set; } = "NULL"; /* FileName */
68 + public string FuncName { get; set; } = "NULL"; /* funcName */
69 + public string Url { get; set; } = "NULL"; /* Url */
70 + public string Product { get; set; }
71 +
72 + }
56 //connect 73 //connect
57 public static void Connect(AWS.Account account, string dbName) 74 public static void Connect(AWS.Account account, string dbName)
58 { 75 {
...@@ -129,9 +146,7 @@ namespace VulnCrawler ...@@ -129,9 +146,7 @@ namespace VulnCrawler
129 { 146 {
130 last_vulnId = 1; 147 last_vulnId = 1;
131 } 148 }
132 -
133 Retry: 149 Retry:
134 -
135 //DB insert 150 //DB insert
136 try 151 try
137 { 152 {
...@@ -216,6 +231,50 @@ namespace VulnCrawler ...@@ -216,6 +231,50 @@ namespace VulnCrawler
216 Console.ReadLine(); 231 Console.ReadLine();
217 } 232 }
218 } 233 }
234 + public static void InsertVulnDetail(Vuln_detail vuln)
235 + {
236 + String sql = string.Empty;
237 + MySqlCommand cmd = null;
238 + Retry:
239 + //DB insert
240 + try
241 + {
242 + cmd = new MySqlCommand
243 + {
244 + Connection = Conn,
245 + //db에 추가
246 + CommandText = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url, product) VALUES(@type, @year, @level, @userName, @cveName, @publish_date,@update_date, @cveDetail,@fileName, @funcName,@url,@product)"
247 + };
248 + cmd.Parameters.AddWithValue("@type", $"{vuln.Type}");
249 + cmd.Parameters.AddWithValue("@year", $"{vuln.Year}");
250 + cmd.Parameters.AddWithValue("@level", $"{vuln.Level}");
251 + cmd.Parameters.AddWithValue("@userName", $"{vuln.UserName}");
252 + cmd.Parameters.AddWithValue("@cveName", $"{vuln.CveName}");
253 + cmd.Parameters.AddWithValue("@publish_date", $"{vuln.Publish_date}");
254 + cmd.Parameters.AddWithValue("@update_date", $"{vuln.Update_date}");
255 + cmd.Parameters.AddWithValue("@cveDetail", $"{vuln.CveDetail}");
256 + cmd.Parameters.AddWithValue("@fileName", $"{vuln.FileName}");
257 + cmd.Parameters.AddWithValue("@funcName", $"{vuln.FuncName}");
258 + cmd.Parameters.AddWithValue("@url", $"{vuln.Url}");
259 + cmd.Parameters.AddWithValue("@product", $"{vuln.Product}");
260 + cmd.ExecuteNonQuery();
261 + //콘솔출력용
262 + sql = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url) " +
263 + $"VALUES({vuln.Type}, {vuln.Year}, {vuln.Level}, {vuln.UserName}, {vuln.CveName},{vuln.Publish_date}, {vuln.Update_date}, {vuln.CveDetail}, {vuln.FileName}, {vuln.FuncName}, {vuln.Url})";
264 + // Console.WriteLine(sql);
265 + }
266 + catch (Exception e)
267 + {
268 + // Console.WriteLine(e.ToString());
269 + string es = e.ToString();
270 + if (es.Contains("Connection must be valid and open"))
271 + {
272 + Connect(Account, DbName);
273 + goto Retry;
274 + }
275 + }
276 + }
277 +
219 public static void UpdateVulnData(int _vulnId, _Vuln vuln) { 278 public static void UpdateVulnData(int _vulnId, _Vuln vuln) {
220 String sql = string.Empty; 279 String sql = string.Empty;
221 MySqlCommand cmd = null; 280 MySqlCommand cmd = null;
...@@ -401,33 +460,118 @@ namespace VulnCrawler ...@@ -401,33 +460,118 @@ namespace VulnCrawler
401 Console.ReadLine(); 460 Console.ReadLine();
402 } 461 }
403 } 462 }
404 - public static List<_Vuln> SelectVulnbyLen(int _lenFunc) 463 + public static IEnumerable<_Vuln> SelectVulnbyLen(int _lenFunc)
405 { 464 {
406 - var list = new List<_Vuln>();
407 String sql = string.Empty; 465 String sql = string.Empty;
408 MySqlCommand cmd = new MySqlCommand(); 466 MySqlCommand cmd = new MySqlCommand();
409 cmd.Connection = Conn; 467 cmd.Connection = Conn;
410 cmd.CommandText = "SELECT * FROM vuln_Info where lenFunc=" + _lenFunc; 468 cmd.CommandText = "SELECT * FROM vuln_Info where lenFunc=" + _lenFunc;
411 469
412 System.Data.DataSet ds = new System.Data.DataSet(); 470 System.Data.DataSet ds = new System.Data.DataSet();
413 - MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM vuln_Info where lenFunc=" + _lenFunc, Conn); 471 + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn);
414 da.Fill(ds); 472 da.Fill(ds);
415 473
416 //vuln에 입력 474 //vuln에 입력
417 foreach (System.Data.DataRow row in ds.Tables[0].Rows) 475 foreach (System.Data.DataRow row in ds.Tables[0].Rows)
418 { 476 {
419 - _Vuln vuln = new _Vuln(); 477 + _Vuln vuln = new _Vuln
420 - vuln.VulnId = Convert.ToInt32(row["vulnId"]); 478 + {
421 - vuln.Cve = Convert.ToString(row["cve"]); 479 + VulnId = Convert.ToInt32(row["vulnId"]),
422 - vuln.FuncName = Convert.ToString(row["funcName"]); 480 + Cve = Convert.ToString(row["cve"]),
423 - vuln.LenFunc = Convert.ToInt32(row["lenFunc"]); 481 + FuncName = Convert.ToString(row["funcName"]),
424 - vuln.Code = Convert.ToString(row["code"]); 482 + LenFunc = Convert.ToInt32(row["lenFunc"]),
425 - vuln.BlockHash = Convert.ToString(row["blockHash"]); 483 + Code = Convert.ToString(row["code"]),
426 - vuln.Url = Convert.ToString(row["url"]); 484 + BlockHash = Convert.ToString(row["blockHash"]),
427 - list.Add(vuln); 485 + Url = Convert.ToString(row["url"])
486 + };
487 + yield return vuln;
488 + }
489 + }
490 + public static IEnumerable<_Vuln> SelectVulnbyCve(string _cve)
491 + {
492 + String sql = string.Empty;
493 + MySqlCommand cmd = new MySqlCommand();
494 + cmd.Connection = Conn;
495 + cmd.CommandText = $"SELECT * FROM vuln_Info where cve='" + _cve + $"'";
496 +
497 + System.Data.DataSet ds = new System.Data.DataSet();
498 + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn);
499 + da.Fill(ds);
500 + //vuln에 입력
501 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
502 + {
503 + _Vuln vuln = new _Vuln
504 + {
505 + VulnId = Convert.ToInt32(row["vulnId"]),
506 + Cve = Convert.ToString(row["cve"]),
507 + FuncName = Convert.ToString(row["funcName"]),
508 + LenFunc = Convert.ToInt32(row["lenFunc"]),
509 + Code = Convert.ToString(row["code"]),
510 + BlockHash = Convert.ToString(row["blockHash"]),
511 + Url = Convert.ToString(row["url"])
512 + };
513 + yield return vuln;
514 + }
515 + }
516 + public static IEnumerable<string> SelectRepositbyName(string _username)
517 + {
518 + String sql = string.Empty;
519 + MySqlCommand cmd = new MySqlCommand();
520 + cmd.Connection = Conn;
521 + cmd.CommandText = "SELECT repository FROM vuln.auth_user WHERE username = '" + _username + "'";
522 + string a = null;
523 +
524 + //sql console write 확인용
525 + Console.Write(cmd.CommandText);
526 +
527 + System.Data.DataSet ds = new System.Data.DataSet();
528 + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn);
529 + da.Fill(ds);
530 + //string을 넣음
531 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
532 + {
533 + a = Convert.ToString(row["repository"]);
534 + yield return a;
535 + }
536 + }
537 + public static IEnumerable<(string userName, string repository)> SelectAllReposit()
538 + {
539 + String sql = string.Empty;
540 + MySqlCommand cmd = new MySqlCommand
541 + {
542 + Connection = Conn,
543 + CommandText = "SELECT username, repository FROM vuln.auth_user "
544 + };
545 + System.Data.DataSet ds = new System.Data.DataSet();
546 + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn);
547 + da.Fill(ds);
548 + //vuln에 입력
549 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
550 + {
551 + string repo = Convert.ToString(row["repository"]);
552 + string user = Convert.ToString(row["username"]);
553 + yield return (user, repo);
554 + }
555 + }
556 + public static IEnumerable<string> SelectReposit_detail()
557 + {
558 + String sql = string.Empty;
559 + MySqlCommand cmd = new MySqlCommand();
560 + cmd.Connection = Conn;
561 + cmd.CommandText = "SELECT url FROM vulnDetail ";
562 + string a = null;
563 +
564 + System.Data.DataSet ds = new System.Data.DataSet();
565 + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn);
566 + da.Fill(ds);
567 + //vuln에 입력
568 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
569 + {
570 + a = Convert.ToString(row["url"]);
571 + Console.WriteLine(a);
572 +
573 + yield return a;
428 } 574 }
429 - //해당 list 반환
430 - return list;
431 } 575 }
432 576
433 } 577 }
......
...@@ -30,7 +30,6 @@ namespace VulnCrawler ...@@ -30,7 +30,6 @@ namespace VulnCrawler
30 } 30 }
31 foreach (var commit in commits) { 31 foreach (var commit in commits) {
32 // 커밋 메시지 32 // 커밋 메시지
33 -
34 count++; 33 count++;
35 double per = ((double)count / (double)totalCount) * 100; 34 double per = ((double)count / (double)totalCount) * 100;
36 35
...@@ -46,23 +45,35 @@ namespace VulnCrawler ...@@ -46,23 +45,35 @@ namespace VulnCrawler
46 string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}"; 45 string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}";
47 46
48 foreach (var parent in commit.Parents) { 47 foreach (var parent in commit.Parents) {
49 -
50 try 48 try
51 { 49 {
50 +
51 +
52 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 52 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴
53 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); 53 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree);
54 +
54 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 55 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴
55 // (실질적인 코드 변경 커밋만 보기 위해서) 56 // (실질적인 코드 변경 커밋만 보기 위해서)
56 var entrys = crawler.GetPatchEntryChanges(patch); 57 var entrys = crawler.GetPatchEntryChanges(patch);
58 + if (entrys.Count() > 100)
59 + {
60 + // continue;
61 + }
57 /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */ 62 /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */
58 var dsp = dirPath.Split(Path.DirectorySeparatorChar); 63 var dsp = dirPath.Split(Path.DirectorySeparatorChar);
59 string repoName = dsp[dsp.Length - 1]; 64 string repoName = dsp[dsp.Length - 1];
60 // 현재 커밋에 대한 패치 엔트리 배열을 출력함 65 // 현재 커밋에 대한 패치 엔트리 배열을 출력함
61 PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl); 66 PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl);
62 // Console.ReadLine(); 67 // Console.ReadLine();
68 + break;
69 +
70 + }
71 + catch(Exception e)
72 + {
73 + break;
74 + //Console.WriteLine(e.ToString());
75 + //Console.ReadLine();
63 } 76 }
64 - catch(Exception)
65 - { }
66 } 77 }
67 } 78 }
68 } 79 }
...@@ -133,7 +144,7 @@ namespace VulnCrawler ...@@ -133,7 +144,7 @@ namespace VulnCrawler
133 #endregion 144 #endregion
134 145
135 } 146 }
136 - catch (Exception e) 147 + catch (Exception)
137 { 148 {
138 continue; 149 continue;
139 } 150 }
......
...@@ -33,8 +33,14 @@ ...@@ -33,8 +33,14 @@
33 </PropertyGroup> 33 </PropertyGroup>
34 <ItemGroup> 34 <ItemGroup>
35 <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> 35 <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" />
36 + <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
37 + <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
38 + </Reference>
36 <Reference Include="System" /> 39 <Reference Include="System" />
37 <Reference Include="System.Core" /> 40 <Reference Include="System.Core" />
41 + <Reference Include="System.ValueTuple, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
42 + <HintPath>..\packages\System.ValueTuple.4.5.0\lib\net461\System.ValueTuple.dll</HintPath>
43 + </Reference>
38 <Reference Include="System.Xml.Linq" /> 44 <Reference Include="System.Xml.Linq" />
39 <Reference Include="System.Data.DataSetExtensions" /> 45 <Reference Include="System.Data.DataSetExtensions" />
40 <Reference Include="Microsoft.CSharp" /> 46 <Reference Include="Microsoft.CSharp" />
...@@ -49,6 +55,7 @@ ...@@ -49,6 +55,7 @@
49 </ItemGroup> 55 </ItemGroup>
50 <ItemGroup> 56 <ItemGroup>
51 <None Include="App.config" /> 57 <None Include="App.config" />
58 + <None Include="packages.config" />
52 </ItemGroup> 59 </ItemGroup>
53 <ItemGroup> 60 <ItemGroup>
54 <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj"> 61 <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj">
......
1 +<?xml version="1.0" encoding="utf-8"?>
2 +<packages>
3 + <package id="Newtonsoft.Json" version="11.0.2" targetFramework="net461" />
4 + <package id="System.ValueTuple" version="4.5.0" targetFramework="net461" />
5 +</packages>
...\ No newline at end of file ...\ No newline at end of file